1b9105f158
We disable emergency mode in systemd, but if systemd is enabled during boot we still end up in emergency mode eventually; this will fix that.
{
|
|
# Flake inputs. Every `url` below names a forge and (at most) a branch, not a
# fixed revision, so the revisions actually built are the ones recorded in the
# lock file.
# NOTE(review): flake.lock is not visible here. Confirm it is committed and that
# lock updates are reviewed: each input is third-party or personal code that is
# evaluated with, or built into, the system configuration of every machine.
inputs = {

  flake-parts.url = "github:hercules-ci/flake-parts";
  flake-parts.inputs.nixpkgs-lib.follows = "nixpkgs";

  clan-fact-generators = {
    url = "github:mrvandalo/clan-fact-generators";
    inputs.clan-core.follows = "clan-core";
  };

  clan-core = {
    url = "git+https://git.clan.lol/clan/clan-core";
    #url = "git+file:///home/palo/dev/clan-core";
    inputs.nixpkgs.follows = "nixpkgs"; # Needed if your configuration uses nixpkgs unstable.
    inputs.flake-parts.follows = "flake-parts";
  };

  # Main package set plus additional nixpkgs branches that are exposed through
  # the overlay in `meta.pkgs`.
  # NOTE(review): nixos-22.11 / 23.11 / 24.05 are release branches; once a
  # release is end-of-life its branch no longer receives security updates.
  # Confirm which packages still need them.
  nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable";
  nixpkgs-unstable-small.url = "github:nixos/nixpkgs/nixos-unstable-small";
  nixpkgs-legacy_2211.url = "github:nixos/nixpkgs/nixos-22.11";
  nixpkgs-legacy_2311.url = "github:nixos/nixpkgs/nixos-23.11";
  nixpkgs-legacy_2405.url = "github:nixos/nixpkgs/nixos-24.05";
  nixos-hardware.url = "github:nixos/nixos-hardware";
  nixos-anywhere.url = "github:nix-community/nixos-anywhere";

  # `follows` is commented out, so home-manager resolves its own nixpkgs input
  # instead of sharing the `nixpkgs` input declared above.
  home-manager = {
    #url = "github:nix-community/home-manager/release-23.11";
    url = "github:nix-community/home-manager";
    #inputs.nixpkgs.follows = "nixpkgs";
  };

  polygon-art = {
    url = "git+https://git.ingolf-wagner.de/palo/polygon-art.git";
  };

  home-manager-utils = {
    url = "github:mrvandalo/home-manager-utils";
    inputs.home-manager.follows = "home-manager";
  };

  permown = {
    url = "github:mrVanDalo/module.permown";
    #url = "git+file:///home/palo/dev/nixos/permown";
    inputs.nixpkgs.follows = "nixpkgs";
  };

  # Private repository fetched over SSH: evaluating this flake needs an SSH
  # credential accepted by that forge. Its nixosModules are imported by several
  # machines in the `clan.machines` section of this file.
  private_assets = {
    #url = "git+file:///home/palo/dev/nixos/nixos-private-assets";
    url = "git+ssh://forgejo@git.ingolf-wagner.de/palo/nixos-private-assets.git?ref=main";
    flake = true;
  };

  retiolum = {
    url = "github:Mic92/retiolum";
    #url = "git+file:///home/palo/dev/nixos/retiolum";
  };

  srvos.url = "github:nix-community/srvos";

  landingpage = {
    #url = "git+file:///home/palo/dev/landingpage";
    url = "github:mrVanDalo/landingpage";
  };

  # todo: maybe use https://github.com/jtroo/kanata instead
  # fixme: kmonad crashes every now and then and the keyboard is not usable anymore.
  kmonad = {
    url = "github:kmonad/kmonad?dir=nix";
    inputs.nixpkgs.follows = "nixpkgs";
  };

  stylix = {
    url = "github:danth/stylix";
    inputs.nixpkgs.follows = "nixpkgs";
    inputs.home-manager.follows = "home-manager";
  };

  # smoke test framework to trigger tests (enable if I want to use it for real)
  #smoke = {
  # url = github:SamirTalwar/smoke;
  # inputs.nixpkgs.follows = "nixpkgs";
  #};

  # had to override it to remove colors
  taskshell = {
    url = "github:mrvandalo/taskshell";
    inputs.nixpkgs.follows = "nixpkgs";
  };

  # my own tool (also fetched over SSH, same credential requirement as private_assets)
  overviewer.url = "git+ssh://forgejo@git.ingolf-wagner.de/palo/overviewer.git?ref=main";
};
|
|
|
|
outputs =
|
|
inputs@{ self
|
|
, clan-core
|
|
, clan-fact-generators
|
|
, flake-parts
|
|
, home-manager
|
|
, home-manager-utils
|
|
, kmonad
|
|
, landingpage
|
|
, nixos-anywhere
|
|
, nixos-hardware
|
|
, nixpkgs
|
|
, nixpkgs-legacy_2211
|
|
, nixpkgs-legacy_2311
|
|
, nixpkgs-legacy_2405
|
|
, nixpkgs-unstable-small
|
|
, overviewer
|
|
, permown
|
|
, polygon-art
|
|
, private_assets
|
|
, retiolum
|
|
, srvos
|
|
, stylix
|
|
, taskshell
|
|
}:
|
|
|
|
let
|
|
#system = "x86_64-linux";
|
|
|
|
#pkgs = nixpkgs.legacyPackages.${system};
|
|
inherit (nixpkgs) lib;
|
|
|
|
# Shared evaluation context: the target system, the one package set handed to
# every machine (clanSetup assigns it to `nixpkgs.pkgs`), and the specialArgs
# passed to all modules.
meta = rec {
  system = "x86_64-linux";
  pkgs = import nixpkgs {
    inherit system;
    config.allowUnfree = true;
    # Security exception list. nixpkgs refuses to evaluate a package that is
    # marked insecure (known vulnerabilities or end-of-life upstream) unless its
    # exact name-version string is listed here, so every entry is a deliberate
    # decision to run software that no longer gets fixes.
    # NOTE(review): the python-2.7.* entries carry no reason; record which
    # package needs them and drop entries for versions no longer in use.
    config.permittedInsecurePackages = [
      "electron-24.8.6" # for bitwarden
      "python-2.7.18.6"
      "python-2.7.18.7"
      "python-2.7.18.8"
      "electron-27.3.11" # for logseq
      "electron-28.3.3" # for logseq
    ];
    overlays = [
      # Exposes the other nixpkgs branches and the flake inputs' packages as
      # attributes of `pkgs`. Each secondary package set is imported with its
      # own config (allowUnfree only), so the insecure-package exceptions above
      # do not extend to it.
      (_self: _super: {
        unstable-small = import nixpkgs-unstable-small {
          inherit system;
          config.allowUnfree = true;
        };
        legacy_2211 = import nixpkgs-legacy_2211 {
          inherit system;
          config.allowUnfree = true;
        };
        legacy_2311 = import nixpkgs-legacy_2311 {
          inherit system;
          config.allowUnfree = true;
        };
        legacy_2405 = import nixpkgs-legacy_2405 {
          inherit system;
          config.allowUnfree = true;
        };
        polygon-art = polygon-art.packages.${system};
        landingpage = landingpage.packages.${system}.plain;
        kmonad = kmonad.packages.${system}.kmonad;
        tasksh = taskshell.packages.${system}.tasksh;
        overviewer = overviewer.packages.${system}.overviewer;
        # defined by `perSystem.packages.pkl` in the flake-parts section of this file
        pkl = self.packages.${system}.pkl;
      })
      (import ./pkgs)
    ];
  };
  # Extra arguments available to every module of every machine. This includes
  # the private_assets input and all flake inputs.
  specialArgs = {
    inherit private_assets inputs;
    assets = ./assets;
    factsGenerator = clan-fact-generators.lib { inherit pkgs; };
    # provides `readFact`, used by defaultModules to read orbi's nix-serve public key
    clanLib = import ./lib/clanlib.nix { inherit (pkgs) lib; machineDir = ./machines; };
    # presumably the ZeroTier network interface name; verify against its consumers
    zerotierDeviceName = "ztbn67ogn2";
    components = ./components;
    features = ./features;
  };
};
|
|
|
|
# Builds the top-level module of one clan machine.
#   name    - directory under ./machines holding the machine's configuration.nix
#   host    - address used as the deployment target
#   modules - additional NixOS modules for this machine
# The result imports `modules`, then `defaultModules`, then the machine's own
# configuration.nix.
clanSetup =
  { name
  , host
  , modules
  }: {

    # Deployment connects as root on `host`; lib.mkDefault lets a machine
    # override the target. Root SSH logins are authorised by the
    # authorizedKeys module in defaultModules.
    clan.core.networking.targetHost = lib.mkDefault "root@${host}";
    # every machine shares the package set (and its security exceptions) from `meta`
    nixpkgs.pkgs = meta.pkgs;
    nixpkgs.hostPlatform = meta.system;
    # clan secrets ("facts") are kept in password-store; the store's location
    # and access control are not visible in this file
    clan.core.facts.secretStore = "password-store";

    imports = modules ++ defaultModules ++ [
      ./machines/${name}/configuration.nix
    ];
  };
|
|
|
|
# Turns a machine into the ZeroTier network controller; in this file only
# `chungus` imports it.
zerotierControllerModule =
  {
    clan.core.networking.zerotier.controller = {
      enable = true;
      # presumably keeps the network private, so members must be accepted by
      # the controller; confirm against the clan-core option documentation
      public = false;
    };
  };
|
|
|
|
# Modules for machines that join the clan's ZeroTier network: static peers,
# static host names under the `bear` top-level domain, clan-managed sshd host
# keys, and two helper commands.
zerotierModules = { pkgs, ... }: {
  imports = [

    # this magically adds all my machines in the zero tier network
    # and makes the controller accept them.
    # will automatically look into `/machines/<name>/facts/zerotier-ip`
    inputs.clan-core.clanModules.zerotier-static-peers

    # Statically configure the host names of machines based on their respective zerotier-ip.
    inputs.clan-core.clanModules.static-hosts

    # generate ssh host keys with facts
    inputs.clan-core.clanModules.sshd

    # manual configs
    {
      clan.static-hosts.topLevelDomain = "bear";
      components.network.zerotier.enable = true;
      environment.systemPackages = [
        clan-core.packages.${pkgs.system}.clan-cli
        # Prints the third space-separated field of `zerotier-cli info`.
        # The wrapper calls zerotier-cli through sudo, so the invoking user
        # needs sudo rights for it.
        (pkgs.writers.writeBashBin "zerotier-script-nodeid" ''
          sudo ${pkgs.zerotierone}/bin/zerotier-cli info | cut -d " " -f 3
        '')
      ];
    }
  ];
};
|
|
|
|
# Modules applied to every machine; clanSetup appends this list to each
# machine's imports.
defaultModules = [
  # make flake inputs accessible in NixOS
  {
    _module.args.self = self;
    _module.args.inputs = self.inputs;
  }
  # ssh keys
  # Every key file listed here is authorised for root on every machine built
  # with clanSetup, and root@host is also the deployment target.
  ({ config, ... }: {
    users.users.root.openssh.authorizedKeys.keyFiles = [
      # master key
      ./assets/mrvandalo_rsa.pub
      # backup key
      # NOTE(review): these are keys generated on chungus for syncoid/rbackup.
      # Whether they are restricted (for example by command=/from= options
      # inside the key files) is not visible here. If they are plain public
      # keys, whoever controls chungus holds root on all machines; consider a
      # dedicated backup user or a forced command instead.
      "${config.clan.core.clanDir}/machines/chungus/facts/ssh.syncoid.id_ed25519.pub"
      "${config.clan.core.clanDir}/machines/chungus/facts/ssh.rbackup.id_ed25519.pub"
    ];
  })
  {
    # disable emergency mode everywhere, although it might be needed on laptops
    # emergencyAccess = false: the systemd initrd offers no emergency shell
    # (true would allow unauthenticated root access on the console).
    boot.initrd.systemd.emergencyAccess = false;
    # Also remove the emergency units from the systemd initrd, so a failing
    # boot cannot fall through to them.
    boot.initrd.systemd.suppressedUnits = [
      "emergency.service"
      "emergency.target"
    ];
    # Same for the booted system: no sulogin shell on the console when a
    # mount fails. Trade-off: recovering from a broken boot then needs rescue
    # media or an out-of-band console.
    systemd.enableEmergencyMode = false;
  }
  # configure nix
  ({ pkgs, lib, clanLib, ... }:
  {
    # Binary cache reached over plain HTTP; the host name suggests it is only
    # reachable over a WireGuard link (TODO confirm). HTTP gives no transport
    # integrity, so trust in substituted store paths rests on signature
    # checking against the key below.
    # NOTE(review): confirm `require-sigs` is not disabled anywhere.
    nix.settings.substituters = [ "http://cache.orbi.wg0" ];
    # public signing key of the cache, read from orbi's facts
    nix.settings.trusted-public-keys = [ (clanLib.readFact "nix-serve.pub" "orbi") ];
    nix.settings.experimental-features = [ "nix-command" "flakes" ];
    nix.settings.max-jobs = 1;
    # no channels needed this way
    nix.nixPath = [ "nixpkgs=${pkgs.path}" ];

    # documentation
    # =============
    documentation.nixos.enable = true;
    #documentation.nixos.includeAllModules = true; # fixme : not working (see down there)
    documentation.nixos.options.warningsAreErrors = false; # todo make this true again
    documentation.nixos.extraModules = [
      ./components
      ./features
      #./modules
      inputs.clan-core.nixosModules.clanCore
      # inputs.stylix.nixosModules.stylix # fixme: not working
      permown.nixosModules.permown
      kmonad.nixosModules.default
      home-manager.nixosModules.home-manager
      # retiolum.nixosModules.retiolum # fixme: not working
    ];

    # keep at most 10 generations in the boot menu, whichever loader is used
    boot.loader.systemd-boot.configurationLimit = lib.mkDefault 10;
    boot.loader.generic-extlinux-compatible.configurationLimit = lib.mkDefault 10;
    boot.loader.grub.configurationLimit = lib.mkDefault 10;
  })
  # My Structure
  ./components
  ./features
  ./modules # todo : spread this across features and components
  #./system/all # todo : spread this across features and components

  # some modules I always use
  permown.nixosModules.permown
  kmonad.nixosModules.default
  # some default things I always want
  ({ pkgs, ... }: {
    # /tmp lives on tmpfs unless a machine overrides it
    boot.tmp.useTmpfs = lib.mkDefault true;
    environment.systemPackages = [
      pkgs.nixpkgs-fmt
    ];
  })
];
|
|
|
|
# Theming via stylix: gruvbox-light-medium colour scheme, the wallpaper from
# ./assets, and the font selection. Purely cosmetic configuration.
stylixModules = { pkgs, config, ... }: {
  imports = [ stylix.nixosModules.stylix ];
  stylix.enable = true;
  stylix.base16Scheme = "${pkgs.base16-schemes}/share/themes/gruvbox-light-medium.yaml";
  stylix.image = ./assets/wallpaper.png;
  stylix.fonts = {
    serif = {
      package = pkgs.ubuntu_font_family;
      name = "Ubuntu";
    };
    sansSerif = {
      package = pkgs.ubuntu_font_family;
      name = "Ubuntu";
    };
    monospace = {
      package = pkgs.jetbrains-mono;
      name = "JetBrains Mono";
    };
    emoji = {
      package = pkgs.noto-fonts-emoji;
      name = "Noto Color Emoji";
    };
    sizes.popups = 15;
  };
  # todo: remove this if not needed anymore
  #home-manager.sharedModules = [
  # { stylix.targets.bemenu.enable = false; }
  #];

};
|
|
|
|
# Enables home-manager as a NixOS module and sets the options shared by all
# user configurations.
homeManagerModules = { pkgs, config, ... }: {
  imports = [
    home-manager.nixosModules.home-manager
  ];
  # user configurations also receive the private_assets input
  home-manager.extraSpecialArgs = {
    inherit private_assets;
    assets = ./assets;
  };
  # Use the system package set for home configurations; clanSetup sets that to
  # meta.pkgs, so its overlays and insecure-package exceptions apply here too.
  home-manager.useGlobalPkgs = true;
  home-manager.useUserPackages = true;
  # existing files that would be overwritten are kept with a ".backup" suffix
  home-manager.backupFileExtension = "backup";
  home-manager.sharedModules = [
    home-manager-utils.hmModule
  ];
};
|
|
|
|
in
|
|
|
|
flake-parts.lib.mkFlake { inherit inputs; } ({ self, pkgs, ... }: {
|
|
# We define our own systems below. You can still use this to add system-specific outputs to your flake.
# See: https://flake.parts/getting-started
systems = [ "x86_64-linux" ];

# import clan-core modules
imports = [
  clan-core.flakeModules.default
];

# Per-system outputs: the locally packaged `pkl`, which the overlay in
# `meta.pkgs` re-exports as `pkgs.pkl`.
perSystem = { pkgs, ... }: {
  packages.pkl = pkgs.callPackage ./pkgs/pkl { };
};
|
|
|
|
# Define your clan
|
|
clan = {
|
|
# Clan wide settings.
meta.name = "gummybears"; # Ensure to choose a unique name.
# Arguments handed to every machine's modules (includes private_assets and all flake inputs).
specialArgs = meta.specialArgs;
|
|
|
|
machines = {
|
|
|
|
# Laptop (ThinkPad X220 hardware profile) with the `tina` home configuration.
# NOTE(review): this machine does not import zerotierModules, which is what
# pulls in the clan sshd module ("generate ssh host keys with facts") and the
# static `.bear` host names. Confirm how its SSH host key is managed and how
# `sternchen.bear` resolves for deployment.
sternchen = clanSetup {
  name = "sternchen";
  host = "sternchen.bear";
  #host = "192.168.178.25";
  modules = [
    nixos-hardware.nixosModules.lenovo-thinkpad-x220
    homeManagerModules
    stylixModules
    { home-manager.users.mainUser.gui.enable = true; }
    {
      home-manager.users.mainUser = import ./homes/tina;
      home-manager.users.root = import ./homes/root;
    }
    # todo : strange overrides, this should be an option and be changed on another level (the homes/<name> folders or something)
    ({ lib, ... }: {
      home-manager.sharedModules = [
        {
          # force-disable atuin for every user on this machine
          programs.atuin.enable = lib.mkForce false;
        }
      ];
    })
    {
      clan.core.machineDescription = "LaLaptop";
    }
  ];
};
|
|
|
|
# Laptop (Framework, 12th-gen Intel profile). Joins the ZeroTier and retiolum
# networks and imports the machine-specific and yubikey modules from the
# private_assets input.
cream = clanSetup {
  name = "cream";
  host = "cream.bear";
  modules = [
    zerotierModules
    nixos-hardware.nixosModules.framework-12th-gen-intel
    retiolum.nixosModules.retiolum
    private_assets.nixosModules.cream
    private_assets.nixosModules.yubikey
    homeManagerModules
    stylixModules
    { home-manager.users.mainUser.gui.enable = true; }
    {
      home-manager.users.mainUser = import ./homes/palo;
      home-manager.users.root = import ./homes/root;
    }
    {
      clan.core.machineDescription = "Laptop";
    }
  ];
};
|
|
|
|
# Laptop (Framework, 13th-gen Intel profile). Joins the ZeroTier and retiolum
# networks and imports the yubikey module from the private_assets input.
cherry = clanSetup {
  name = "cherry";
  host = "cherry.bear";
  modules = [
    zerotierModules
    nixos-hardware.nixosModules.framework-13th-gen-intel
    retiolum.nixosModules.retiolum
    private_assets.nixosModules.yubikey
    homeManagerModules
    stylixModules
    { home-manager.users.mainUser.gui.enable = true; }
    {
      home-manager.users.mainUser = import ./homes/palo;
      home-manager.users.root = import ./homes/root;
    }
    {
      clan.core.machineDescription = "Laptop";
    }
  ];
};
|
|
|
|
# Home server and ZeroTier controller. Its syncoid/rbackup public keys are
# authorised for root on every machine by defaultModules, so this host is a
# high-value target: treat its compromise as a compromise of the whole clan.
chungus = clanSetup {
  name = "chungus";
  host = "chungus.bear";
  modules = [
    zerotierModules
    zerotierControllerModule
    homeManagerModules
    stylixModules
    retiolum.nixosModules.retiolum
    private_assets.nixosModules.chungus
    {
      home-manager.users.mainUser = import ./homes/palo;
      home-manager.users.root = import ./homes/root;
    }
    {
      clan.core.machineDescription = "Home Server";
    }
  ];
};
|
|
|
|
# Internet-facing server (Hetzner online hardware profile). defaultModules
# points every machine's binary cache at cache.orbi.wg0 and trusts orbi's
# nix-serve key, so this host signs the store paths all other machines accept.
# The srvos server profile and terminfo mixin are currently commented out.
orbi = clanSetup {
  name = "orbi";
  host = "orbi.bear";
  #host = "95.216.66.212";
  modules = [
    zerotierModules
    homeManagerModules
    stylixModules
    srvos.nixosModules.hardware-hetzner-online-intel
    #srvos.nixosModules.server
    #srvos.nixosModules.mixins-terminfo
    {
      home-manager.users.mainUser = import ./homes/palo;
      home-manager.users.root = import ./homes/root;
    }
    {
      clan.core.machineDescription = "Internet Server";
    }
  ];
};
|
|
|
|
# Test server on Hetzner Cloud. It is deployed as root to a public IPv4
# address instead of a `.bear` name, and it does not import zerotierModules.
# NOTE(review): the clan sshd module is commented out here, so the SSH host
# key is not generated from clan facts. Confirm the host key is pinned on the
# deploying machine before trusting the first connection.
probe = clanSetup {
  name = "probe";
  #host = "167.235.205.150";
  host = "95.217.18.54";
  modules = [
    homeManagerModules
    stylixModules
    srvos.nixosModules.hardware-hetzner-cloud
    srvos.nixosModules.server
    srvos.nixosModules.mixins-terminfo
    #inputs.clan-core.clanModules.sshd
    {
      home-manager.users.mainUser = import ./homes/palo;
      home-manager.users.root = import ./homes/root;
    }
    {
      clan.core.machineDescription = "Dummy Internet Server";
    }
  ];
};
|
|
|
|
};
|
|
|
|
};
|
|
|
|
});
|
|
|
|
}
|
|
|